IEEE C80216m-10_0879r1 Project Title

advertisement
IEEE C80216m-10_0879r1
Project
IEEE 802.16 Broadband Wireless Access Working Group <http://ieee802.org/16>
Title
Fix test vectors for cryptographic methods (Annex Q)
Date
Submitted
2010-07-09
Source(s)
Youngkyo Baek
Young-Kwan Choi
Samsung Electronics
E-mail:
Phone :
youngkyo.baek@samsung.com
+82-31-279-7321
*<http://standards.ieee.org/faqs/affiliationFAQ.html>
Re:
Call for SB on “ P802.16m/D6”:
Target topic: “Annex Q”
Abstract
This contribution proposes correction on test vector for cryptographic methods to be included in
the 802.16m amendment.
Purpose
To be discussed and adopted by WG SB
Notice
Release
Patent
Policy
This document does not represent the agreed views of the IEEE 802.16 Working Group or any of its subgroups. It
represents only the views of the participants listed in the “Source(s)” field above. It is offered as a basis for
discussion. It is not binding on the contributor(s), who reserve(s) the right to add, amend or withdraw material
contained herein.
The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution,
and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name
any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole
discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The
contributor also acknowledges and accepts that this contribution may be made public by IEEE 802.16.
The contributor is familiar with the IEEE-SA Patent Policy and Procedures:
<http://standards.ieee.org/guides/bylaws/sect6-7.html#6> and
<http://standards.ieee.org/guides/opman/sect6.html#6.3>.
Further information is located at <http://standards.ieee.org/board/pat/pat-material.html> and
<http://standards.ieee.org/board/pat>.
IEEE C80216m-10_0879r1
Fix test vectors for cryptographic methods (Annex Q)
Youngkyo Baek, Young-Kwan Choi
Samsung Electronics
1. Introduction
CurrentD6 test vectors don’t reflect correctly the current cryptographic method.(e.g. Flag field of initial
CCM block is applied wrongly.)
So we suggest change of test vectors depending on the current cryptographic methods and deletion of
unncessary parts(e.g plaintext ICV).
2. Text Proposal
Modify the sentences at page 897, line 1 as follows
======================== Start of Proposed Text =====================
Annex Q
(informative)
Test vectors
Q.1 Cryptographic method test vectors
Q.1.1 AES-CCM:
Q.1.1.1 Short payload and short ICV
-Plaintext PDU
 Advanced Generic MAC header = D0 0D6
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
-Ciphertext PDU where TEK = 0xD50E18A844AC5BF38E4CD72D9B0942E5, EKS=0x1 (2bits),
PN=0x17F6BC (22 bits) and ICV length is 4B:
 Advanced Generic MAC header = D0 0D

Initial CCM block B0 (128bits):
1909 D0 0D 23 4D 00 00 00 00 00 00 57 F6 BC 00 04
 Encrypted payload of EKS+PN (3B), encrypted payload (4B), encrypted ICV (4B):
57 F6 BC
-After decryption
10 71 D1 B0
FF3C 70DF 71A2 B128
IEEE C80216m-10_0879r1

Plaintext ICV= 99 C7 97 F7
Q.1.1.2 Long payload and long ICV
-Plaintext PDU
 Advanced Generic MAC header = A0 CA

Payload (200B):
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F
30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F
40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F
60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F
70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F
80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F
90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F
A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF
B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF
C0 C1 C2 C3 C4 C5 C6 C7
 STID=0x234, FID=0xA
-Ciphertext PDU where TEK = 0xB74EB0E4F81AD63D121B7E9AECCD268F, EKS=0x3 (2bits),
PN=0x3B5F11 (22 bits) and ICV length is 8B:
 Advanced Generic MAC header = A0 D5
 IV Initial CCM block B0 (128bits):
19 A0 D5 23
4A 00 00 00
00 00 00 FB
5F 11 00 C8
 Encrypted payload of EKS+PN (3B), encrypted payload (200B), encrypted ICV (8B):
FB 5F 11
EA 53 E1 74 89 B2 0B F3 F0 9B 0C 1B 84 9A A7 78
B8 D2 67 35 4F F6 95 D1 8B 60 79 F6 67 DB FF 3D
8C 76 AC C1 0C B5 A6 BB 6C 54 1B 61 FB 13 45 DA
4E A9 0A F4 B9 AC B5 AF 28 21 20 95 41 02 7B 4B
13 A8 BA 16 3B 9F 88 42 56 3E B4 0B 8C 4C EA 68
C0 74 F3 C1 CC BF D0 84 C2 7F D1 AC 48 44 E6 7D
63 63 1A F3 D9 39 F2 8F 6D F5 64 31 06 4B AA DE
2C AB C2 C9 8C BC 87 41 78 B7 85 27 C4 DD 33 D0
02 50 32 81 14 B2 32 8C 28 C7 11 72 75 CE FF 57
F2 E5 80 83 B2 08 24 4E 7A C4 18 63 3F CB 38 85
7C 7B DC AC E9 D1 1B 6B 8B EF E3 54 16 AE 3D 26
5A 10 7C FA 39 D6 51 17 67 16 46 3B 26 EE EF 85
EE 74 67 A7 13 DC 03 EF
IEEE C80216m-10_0879r1
2F 6B 08 CF 49 2A E1 04
-After decryption

Plaintext ICV= C2 C4 36 8F
24 01 2F 1F
Q.1.2 AES-CTR:
Q.1.2.1 Short payload
-Plaintext PDU
 Advanced Generic MAC header = D20 06
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
-Ciphertext PDU where TEK = 0xD50E18A844AC5BF38E4CD72D9B0942E5, EKS=0x1 (2bits) and
PN=0x17F6BC (22 bits):
 Advanced Generic MAC header = D0 069
 Encrypted payload of EKS+PN (3B), encrypted payload (4B):
57 F6 BC 86 FB 65 B7
Q.1.2.2 Long payload
-Plaintext PDU
 Advanced Generic MAC header = A0 CA

Payload (200B):
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F
30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F
40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F
60 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F
70 71 72 73 74 75 76 77 78 79 7A 7B 7C 7D 7E 7F
80 81 82 83 84 85 86 87 88 89 8A 8B 8C 8D 8E 8F
90 91 92 93 94 95 96 97 98 99 9A 9B 9C 9D 9E 9F
A0 A1 A2 A3 A4 A5 A6 A7 A8 A9 AA AB AC AD AE AF
B0 B1 B2 B3 B4 B5 B6 B7 B8 B9 BA BB BC BD BE BF
C0 C1 C2 C3 C4 C5 C6 C7
 STID=0x234, FID=0xA
-Ciphertext PDU where TEK = 0xB74EB0E4F81AD63D121B7E9AECCD268F, EKS=0x3 (2bits) and
PN=0x3B5F11 (22 bits):
 Advanced Generic MAC header = A0 CD
IEEE C80216m-10_0879r1
 Encrypted payload of EKS+PN (3B), encrypted payload (200B):
FB 5F 11
EC 86 6C FF 73 C8 CF A6 25 A6 2D E5 8E 68 0E 35
CD 0E AC 0F 0B A6 EE 50 6C CC 13 81 67 6C 85 6E
83 99 58 DF B8 BB 89 74 10 37 3A C3 37 0B 7D C6
BF 52 34 9C 85 25 92 27 79 85 D3 5C 62 F1 A9 67
DA 21 2B 87 04 D6 70 6C CC FD 2E B6 AD 27 64 CD
F9 DA AD 86 5B 20 5F 8D 20 37 BA 36 13 CD E8 E0
51 43 D4 C8 D5 CF 0B FA 92 8D 49 0F 91 2B 70 9A
6C 7C A0 9F FB 48 14 EB 08 03 DA 9E 13 A0 1C A3
E5 01 86 12 22 BD 1C 8A B5 E3 4E 17 A5 00 FC C7
91 DA F2 98 C5 A2 49 EC FC 92 39 ED 6B 4C F4 6A
2E 0D D2 58 55 0F DB 7F 97 A6 3B 3B 67 E3 BF 29
43 F6 7A 31 E2 6F 1B EB 51 12 D4 1C 07 F6 48 B0
A6 BF AB C6 77 2E 6E 27
Q.1.3 AES-CMAC:
This section is assuming the CAMAC calculation is performed according to the formula indicated in the
approved contribution C80216m-09_2022r316.the section 2.5.2.3.2.
2 flavors of test vectors are included- one with CMAC calculation that includes 16bit padding (as stated in
the contribution above) and one with the suggested remedy of 24bit padding.
Q.1.3.1 Short MAC control message (assuming 24 bit padding):
-Plaintext PDU
 ASN.1 encoded MAC control message Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
-Signature where CMAC_KEY= 0xD50E18A844AC5BF38E4CD72D9B0942E5,
AKPMKID=0xA67B1FE254CD290A (64bits) and CMAC_PN=0x57F6BC (24 bits):
 Message header (AKPMKID | CMAC_PN |STID|FID|24-bit zero padding | ASN.1
encoded MAC_ControlManagement_Message) =
A6 7B 1F E2
54 CD 29 0A
57 F6 BC 23
4D 00 00 00
 CMAC value (8B)= 78 1C 63 71 6F 48 6A 6F
Q.1.3.2 Long MAC control message (assuming 24 bit padding):
-Plaintext PDU
 ASN.1 encoded MAC control message Payload (100B):
00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F
20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F
IEEE C80216m-10_0879r1
30 31 32 33 34 35 36 37 38 39 3A 3B 3C 3D 3E 3F
40 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F
50 51 52 53 54 55 56 57 58 59 5A 5B 5C 5D 5E 5F
60 61 62 63
 STID=0xABC, FID=0xA
-Signature where CMAC_KEY= 0xB74EB0E4F81AD63D121B7E9AECCD268F,
AKPMKID=0xD5F725AE30F45B3C (64bits) and CMAC_PN=0x3B5F11 (24 bits):

Message header (AKPMK ID | CMAC_PN |STID|FID|24-bit zero padding | ASN.1
encoded MAC_ControlManagement_Message) =
D5 F7 25 AE
30 F4 5B 3C
3B 5F 11 AB
 CMAC value (8B)= DA 0A 50 5D
CA 00 00 00
04 2A 08 38
Q.1.3.1 Short message (assuming 16 bit padding):
-Plaintext PDU
 Payload = 9c 05 3f 24
 STID=0x234, FID=0xD
-Signature where CMAC_KEY= 0xD50E18A844AC5BF38E4CD72D9B0942E5,
PMKID=0xA67B1FE254CD290A (64bits) and CMAC_PN=0x57F6BC (24 bits):
 Message header (PMK ID | CMAC_PN |STID|FID|16-bit zero padding |
MAC_Management_Message)=
A6 7B 1F E2
54 CD 29 0A
57 F6 BC 23
 CMAC value (8B)= 69 6F 20 E8
4D 00 00
88 D9 E6 68
Q.1.3.2 Long message (assuming 16 bit padding):
-Plaintext PDU
 Payload (100B):
00 01 02 03
04 05 06 07
08 09 0A 0B
0C 0D 0E 0F
10 11 12 13
14 15 16 17
18 19 1A 1B
1C 1D 1E 1F
20 21 22 23
24 25 26 27
28 29 2A 2B
2C 2D 2E 2F
30 31 32 33
34 35 36 37
38 39 3A 3B
3C 3D 3E 3F
40 41 42 43
44 45 46 47
48 49 4A 4B
4C 4D 4E 4F
50 51 52 53
54 55 56 57
58 59 5A 5B
5C 5D 5E 5F
60 61 62 63
 STID=0xABC, FID=0xA
-Signature where CMAC_KEY= 0xB74EB0E4F81AD63D121B7E9AECCD268F,
PMKID=0xD5F725AE30F45B3C (64bits) and CMAC_PN=0x3B5F11 (24 bits):
IEEE C80216m-10_0879r1

Message header (PMK ID | CMAC_PN |STID|FID|16-bit zero padding |
MAC_Management_Message)=
D5 F7 25 AE
30 F4 5B 3C
3B 5F 11 AB
 CMAC value (8B)= DD F1 2E 6A
CA 00 00
F6 34 F1 2A
============================== End of Proposed Text ===============
4. References
[1] IEEE P802.16m/D6. DRAFT Amendment to IEEE Standard for Local and metropolitan area networks—
Part 16: Air Interface for Broadband Wireless Access Systems—Advanced Air Interface, MAY 2010.
[2] IEEE 802.16m-08/003r9a. The Draft IEEE 802.16m System Description Document, May 2009.
[3] IEEE 802.16m-07/002r9. IEEE 802.16m System Requirements Document, Sep 2009.
Download